From: Eric Covener <covener@apache.org>
Date: Thu, 19 May 2016 14:28:07 +0000 (+0000)
Subject: bump CVE to the top
X-Git-Tag: 2.4.21~148
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=1b8296b6891e369bd0786160db64c9ce95487b3e;p=apache

bump CVE to the top


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1744591 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 53ac14eda1..f00cbee92b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -73,6 +73,10 @@ Changes with Apache 2.4.21
 
 Changes with Apache 2.4.20
 
+  *) SECURITY: CVE-2016-1546 (cve.mitre.org)     
+     mod_http2: restricting number of concurrent stream workers per connection
+     if client is slow. 
+
   *) core: Do not read .htaccess if AllowOverride and AllowOverrideList
      are "None". PR 58528.
      [Michael Schlenker <msc contact.de, Ruediger Pluem, Daniel Ruggeri]
@@ -100,10 +104,6 @@ Changes with Apache 2.4.20
   *) mod_http2: Fix build on Windows from dsp files.
      [Stefan Eissing] 
      
-  *) SECURITY: CVE-2016-1546 (cve.mitre.org)     
-     mod_http2: restricting number of concurrent stream workers per connection
-     if client is slow. 
-     
 Changes with Apache 2.4.19
 
   *) mod_include: Add variable DOCUMENT_ARGS, with the arguments to the